I found this by running the stress test with MallocStackLogging enabled: Leak: 0x1a2ca400 size=10240 string 'L' Call stack: [thread 0xa05a0fa0]: | 0xba4d6 | NSApplicationMain | -[NSApplication run] | 0x86be | -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] | _DPSNextEvent | BlockUntilNextEventMatchingListInMode | ReceiveNextEventCommon | RunCurrentEventLoopInMode | CFRunLoopRunInMode | CFRunLoopRunSpecific | __NSFireTimer | 0x29373 | 0x29486 | 0x29804 | 0x29cc1 | -[WebHTMLView(WebDocumentPrivateProtocols) string] | -[WebFrame(WebInternal) _stringForRange:] | WebCore::plainTextToMallocAllocatedBuffer(WebCore::Range const*, unsigned int&) | malloc | malloc_zone_malloc Hopefully this will be enough to help somebody find the leak.
It looks like -[WebHTMLView(WebDocumentPrivateProtocols) string] is being invoked from Safari. The code inside WebKit is trivial and looks correct, which makes it likely that any bug here is in Safari code.
Reported as <rdar://6042418>. Closing this because it is extremely unlikely that this is a WebKit issue.